1Verizon Data Breach Study Finds Little Progress in Containing Malware
2Phishing Scams Work All Too Well
Phishing scams are becoming more effective. Verizon found that 23 percent of phishing email recipients are now opening the messages, and a whopping 11 percent of those unsuspecting victims are opening associated attachments. It takes just 82 seconds from the time a phishing campaign is launched to the moment it hooks its first victim.
3How Malware Is Infiltrating Your Networks
Malware is another problem companies need to worry about. Verizon found that 20,000 organizations it studied intercepted 170 million malware events. To increase the chances of a successful malware infection, hackers continually made slight modifications to the malware code each time they used it to try to hide it from anti-malware scanners. In other words, if the cyber-criminals were persistent enough, they were able to get past the antivirus defenses to compromise computer systems with relative ease.
4Corporate Software Is Riddled With Vulnerabilities
Verizon found that malicious hackers could target more than 7 million vulnerabilities, though most hackers focus solely on 10 vulnerabilities. Better yet, for the vast majority of the 7 million vulnerabilities, patches have been available for months. There’s just one problem: most systems are not patched and Verizon even detected un-patched vulnerabilities dating back to 1999.
5It Takes Just Seconds to Infect and Penetrate Networks
6But It Can Take Days to Contain a Detected Threat
7Data Breach Costs Can Be Staggering
Losing customer records can be extremely costly, Verizon discovered. The company analyzed cyber-liability insurance claims and found that the average cost of a breach of 1,000 records can be between $52,000 and $87,000, or between $52 and $87 per record. If 10 million records are stolen, the total claim will range between $2.1 million and $52 million. But at this scale, at least the cost per breach drops down to 22 cents to 52 cents per record.
8Human Error or System Misuse Opens the Way for Cyber-Criminals
9Point-of-Sale Devices Are Likely Targets
According to Verizon, the most likely place for hackers to target is a point-of-sale device that processes and stores valuable credit card information. In addition, malicious hackers are capturing information through “cyber-espionage” and by utilizing Internet applications. Denial-of-service attacks and physical theft were among the least likely ways for hackers to obtain corporate data.
10Just 70 Organizations Reported Thousands of Incidents
Verizon says that 70 organizations supplied it with data on breaches, which might not seem like much. However, from just those 70 organizations, Verizon discovered more than 2,100 data breaches and nearly 80,000 security incidents. That’s an average of more than 1,000 security incidents per organization, or about three per day. Verizon independently analyzed more than 20,000 organizations, but just 70 of them supplied data on breaches to the company.
11Internet of Things Malware Threats ‘Extremely Low’
The Internet of things, or the term for previously disconnected devices that are now coming online, is one of the few small concerns from Verizon’s study. In fact, the company found that the number of malware examples attacking Internet of things devices on the Web “was extremely low,” adding that when malware was discovered, it was typically “resource-wasting, but low-impact, infections.”